Published: 18/04/2019 Updated: 01/08/2019

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9

VMScore: 668

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

An Unrestricted File Upload Vulnerability in the SupportCandy plugin up to and including 2.0.0 for WordPress allows remote malicious users to execute arbitrary code by uploading a file with an executable extension.

Vulnerable Product	Search on Vulmon	Subscribe to Product
supportcandy supportcandy

CVE-2019-11223 - Arbitrary File Upload in Wordpress Support Candy Plugin Version 2.0 Below

CVE-2019-11223 Arbitrary File Upload in Wordpress Plugin SupportCandy Version 20 Below certkalasagcomph/news/research/vulnerable-wordpress-plugin-lets-you-take-over-websites/ wordpressorg/plugins/supportcandy/#developers wwwpluginvulnerabilitiescom/2019/04/05/arbitrary-file-upload-vulnerability-in-supportcandy/ Getting Started git clone

CWE-434 https://www.pluginvulnerabilities.com/2019/04/05/arbitrary-file-upload-vulnerability-in-supportcandy/https://wordpress.org/plugins/supportcandy/#developers https://cert.kalasag.com.ph/news/research/vulnerable-wordpress-plugin-lets-you-take-over-websites/https://wpvulndb.com/vulnerabilities/9488 https://nvd.nist.gov https://github.com/AngelCtulhu/CVE-2019-11223

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2019-11223

Vulnerability Summary

Vulnerability Trend

Github Repositories

References

Vulmon Search

About

Products

Connect